Using Gnupg with either a smartcard key or a local key

Question

I added a second signing subkey to my GPG key, which I then moved to a Yubikey:

/home/user/.gnupg/pubring.kbx
----------------------------
sec#  ed25519/ABCDECAD 2023-11-12 [SC]
      ...(fingerprint omitted)...
uid         [ultimate] Joost Molenaar <a@b.cd>
uid         [ultimate] Joost Molenaar <b@c.de>
ssb   ed25519/BCDE155E 2023-11-12 [S] [expires: 2024-11-11]
ssb>  ed25519/CDEFFDB0 2023-11-15 [S] [expires: 2024-11-14]

Now, when I sign something, for example using gpg --clearsign --armor <<<test, I always get asked for the Yubikey, and can only use the local BCDE155E key if I explictly ask for it with the --local-user BCDE155E! option.

Is there a way of making GPG use the CDEFFDB0 key if the card is present, but falling back to the BCDE155E key if the card is not present?

Did find some other places where this question is asked: https://lists.gnupg.org/pipermail/gnupg-users/2020-January/063239.html and https://security.stackexchange.com/questions/183226/how-to-force-gpg-to-use-a-keycard-when-it-is-available. — j0057, Nov 21 '23 at 17:51
Does this answer your question? How to force GPG to use a Keycard when it is available — End Anti-Semitic Hate, Nov 23 '23 at 11:08
I don't think so, because I did use keytocard on the CDEFFDB0 key. I did find a workaround, by deleting the private key stub in ~/.gnupg/private-keys-v1.d whenever I don't want to be asked for the Yubikey. — j0057, Nov 23 '23 at 23:21

Using Gnupg with either a smartcard key or a local key

0 Answers0